SB2026070251 - Use-after-free in Linux kernel netfilter
Published: July 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Use-after-free (CVE-ID: CVE-2026-53349)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged user to cause a denial of service.
The vulnerability exists due to a use-after-free in netfilter nf_conntrack expectation handling when processing an expected connection after a NAT helper module has been unloaded. A local privileged user can unload a NAT helper module while live expectations remain and then trigger the expected connection to cause a denial of service.
Reaching the vulnerable state requires CAP_SYS_MODULE in the initial user namespace to remove a NAT helper that still has live expectations.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/29d8cc44bbdf7b83a1929912214afe6643c1b4f1
- https://git.kernel.org/stable/c/9d017671dcfcec23321fb7962dea624f9e71ddb1
- https://git.kernel.org/stable/c/bf8c0b5dd203be94c2ad50e264cec19267c6bd39
- https://git.kernel.org/stable/c/c3009418f9fa1dcb3eb86f4d8c92583537b5faa3
- https://git.kernel.org/stable/c/f92c90a2a3e6ff6f9f7fe88fde9004b4ca8f956d
- https://git.kernel.org/stable/c/fbfde85308b99938a6092c48753214d190ece48d